Skip to content

Null Pointer Dereference in ReadOneMNGImage #723

Closed
@jgj212

Description

@jgj212

ImageMagick 7.0.7-0 Q16 x86_64

Here is the critical code:

                if (mng_info->global_plte == (png_colorp) NULL)
                  mng_info->global_plte=(png_colorp) AcquireQuantumMemory(256,		//line 5697
                    sizeof(*mng_info->global_plte));

                for (i=0; i < (ssize_t) (length/3); i++)
                {
                  mng_info->global_plte[i].red=p[3*i];
                  mng_info->global_plte[i].green=p[3*i+1];
                  mng_info->global_plte[i].blue=p[3*i+2];
                }

AcquireQuantumMemory(...) may return NULL, so mng_info->global_plte[i].xxx will Dereference Null pointer to cause memory error.

Credit: ADLab of Venustech

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions